add iam workload identity federation (#4071) (#2623)

Signed-off-by: Modular Magician <[email protected]>

Author: modular-magician

.changelog/4071.txt

@@ -0,0 +1,3 @@
+```release-note:new-resource
+`google_iam_workload_identity_pool`
+```

google-beta/config.go

@@ -118,6 +118,7 @@ type Config struct {
 	FirestoreBasePath            string
 	GameServicesBasePath         string
 	HealthcareBasePath           string
+	IAMBetaBasePath              string
 	IapBasePath                  string
 	IdentityPlatformBasePath     string
 	KMSBasePath                  string
@@ -202,6 +203,7 @@ var FirebaseDefaultBasePath = "https://firebase.googleapis.com/v1beta1/"
 var FirestoreDefaultBasePath = "https://firestore.googleapis.com/v1/"
 var GameServicesDefaultBasePath = "https://gameservices.googleapis.com/v1beta/"
 var HealthcareDefaultBasePath = "https://healthcare.googleapis.com/v1beta1/"
+var IAMBetaDefaultBasePath = "https://iam.googleapis.com/v1beta/"
 var IapDefaultBasePath = "https://iap.googleapis.com/v1/"
 var IdentityPlatformDefaultBasePath = "https://identitytoolkit.googleapis.com/v2/"
 var KMSDefaultBasePath = "https://cloudkms.googleapis.com/v1/"
@@ -996,6 +998,7 @@ func ConfigureBasePaths(c *Config) {
 	c.FirestoreBasePath = FirestoreDefaultBasePath
 	c.GameServicesBasePath = GameServicesDefaultBasePath
 	c.HealthcareBasePath = HealthcareDefaultBasePath
+	c.IAMBetaBasePath = IAMBetaDefaultBasePath
 	c.IapBasePath = IapDefaultBasePath
 	c.IdentityPlatformBasePath = IdentityPlatformDefaultBasePath
 	c.KMSBasePath = KMSDefaultBasePath

google-beta/iam_beta_operation.go

@@ -0,0 +1,61 @@
+// ----------------------------------------------------------------------------
+//
+//     ***     AUTO GENERATED CODE    ***    AUTO GENERATED CODE     ***
+//
+// ----------------------------------------------------------------------------
+//
+//     This file is automatically generated by Magic Modules and manual
+//     changes will be clobbered when the file is regenerated.
+//
+//     Please read more about how to change this file in
+//     .github/CONTRIBUTING.md.
+//
+// ----------------------------------------------------------------------------
+package google
+
+import (
+	"fmt"
+	"time"
+)
+
+type IAMBetaOperationWaiter struct {
+	Config    *Config
+	UserAgent string
+	Project   string
+	CommonOperationWaiter
+}
+
+func (w *IAMBetaOperationWaiter) QueryOp() (interface{}, error) {
+	if w == nil {
+		return nil, fmt.Errorf("Cannot query operation, it's unset or nil.")
+	}
+	// Returns the proper get.
+	url := fmt.Sprintf("https://iam.googleapis.com/v1beta/%s", w.CommonOperationWaiter.Op.Name)
+
+	return sendRequest(w.Config, "GET", w.Project, url, w.UserAgent, nil)
+}
+
+func createIAMBetaWaiter(config *Config, op map[string]interface{}, project, activity, userAgent string) (*IAMBetaOperationWaiter, error) {
+	if val, ok := op["name"]; !ok || val == "" {
+		// This was a synchronous call - there is no operation to wait for.
+		return nil, nil
+	}
+	w := &IAMBetaOperationWaiter{
+		Config:    config,
+		UserAgent: userAgent,
+		Project:   project,
+	}
+	if err := w.CommonOperationWaiter.SetOp(op); err != nil {
+		return nil, err
+	}
+	return w, nil
+}
+
+func iAMBetaOperationWaitTime(config *Config, op map[string]interface{}, project, activity, userAgent string, timeout time.Duration) error {
+	w, err := createIAMBetaWaiter(config, op, project, activity, userAgent)
+	if err != nil || w == nil {
+		// If w is nil, the op was synchronous.
+		return err
+	}
+	return OperationWait(w, activity, timeout, config.PollInterval)
+}

google-beta/provider.go

@@ -415,6 +415,14 @@ func Provider() *schema.Provider {
 					"GOOGLE_HEALTHCARE_CUSTOM_ENDPOINT",
 				}, HealthcareDefaultBasePath),
 			},
+			"iam_beta_custom_endpoint": {
+				Type:         schema.TypeString,
+				Optional:     true,
+				ValidateFunc: validateCustomEndpoint,
+				DefaultFunc: schema.MultiEnvDefaultFunc([]string{
+					"GOOGLE_IAM_BETA_CUSTOM_ENDPOINT",
+				}, IAMBetaDefaultBasePath),
+			},
 			"iap_custom_endpoint": {
 				Type:         schema.TypeString,
 				Optional:     true,
@@ -749,9 +757,9 @@ func Provider() *schema.Provider {
 	return provider
 }
 
-// Generated resources: 193
+// Generated resources: 194
 // Generated IAM resources: 81
-// Total generated resources: 274
+// Total generated resources: 275
 func ResourceMap() map[string]*schema.Resource {
 	resourceMap, _ := ResourceMapWithErrors()
 	return resourceMap
@@ -933,6 +941,7 @@ func ResourceMapWithErrors() (map[string]*schema.Resource, error) {
 			"google_healthcare_dicom_store":                                resourceHealthcareDicomStore(),
 			"google_healthcare_fhir_store":                                 resourceHealthcareFhirStore(),
 			"google_healthcare_hl7_v2_store":                               resourceHealthcareHl7V2Store(),
+			"google_iam_workload_identity_pool":                            resourceIAMBetaWorkloadIdentityPool(),
 			"google_iap_web_iam_binding":                                   ResourceIamBinding(IapWebIamSchema, IapWebIamUpdaterProducer, IapWebIdParseFunc),
 			"google_iap_web_iam_member":                                    ResourceIamMember(IapWebIamSchema, IapWebIamUpdaterProducer, IapWebIdParseFunc),
 			"google_iap_web_iam_policy":                                    ResourceIamPolicy(IapWebIamSchema, IapWebIamUpdaterProducer, IapWebIdParseFunc),
@@ -1255,6 +1264,7 @@ func providerConfigure(ctx context.Context, d *schema.ResourceData, p *schema.Pr
 	config.FirestoreBasePath = d.Get("firestore_custom_endpoint").(string)
 	config.GameServicesBasePath = d.Get("game_services_custom_endpoint").(string)
 	config.HealthcareBasePath = d.Get("healthcare_custom_endpoint").(string)
+	config.IAMBetaBasePath = d.Get("iam_beta_custom_endpoint").(string)
 	config.IapBasePath = d.Get("iap_custom_endpoint").(string)
 	config.IdentityPlatformBasePath = d.Get("identity_platform_custom_endpoint").(string)
 	config.KMSBasePath = d.Get("kms_custom_endpoint").(string)

google-beta/resource_iam_beta-workload_identity_pool_id_test.go

@@ -0,0 +1,31 @@
+package google
+
+import (
+	"strings"
+	"testing"
+)
+
+func TestValidateIAMBetaWorkloadIdentityPoolId(t *testing.T) {
+	x := []StringValidationTestCase{
+		// No errors
+		{TestName: "basic", Value: "foobar"},
+		{TestName: "with numbers", Value: "foobar123"},
+		{TestName: "short", Value: "foos"},
+		{TestName: "long", Value: "12345678901234567890123456789012"},
+		{TestName: "has a hyphen", Value: "foo-bar"},
+
+		// With errors
+		{TestName: "empty", Value: "", ExpectError: true},
+		{TestName: "starts with a gcp-", Value: "gcp-foobar", ExpectError: true},
+		{TestName: "with uppercase", Value: "fooBar", ExpectError: true},
+		{TestName: "has an slash", Value: "foo/bar", ExpectError: true},
+		{TestName: "has an backslash", Value: "foo\bar", ExpectError: true},
+		{TestName: "too short", Value: "foo", ExpectError: true},
+		{TestName: "too long", Value: strings.Repeat("f", 33), ExpectError: true},
+	}
+
+	es := testStringValidationCases(x, validateWorkloadIdentityPoolId)
+	if len(es) > 0 {
+		t.Errorf("Failed to validate WorkloadIdentityPool names: %v", es)
+	}
+}